Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kimap-20.08.2/autotests/storejobtest.cpp
Examining data/kimap-20.08.2/autotests/testrfccodecs.h
Examining data/kimap-20.08.2/autotests/appendjobtest.cpp
Examining data/kimap-20.08.2/autotests/deletejobtest.cpp
Examining data/kimap-20.08.2/autotests/testrfccodecs.cpp
Examining data/kimap-20.08.2/autotests/streamparsertest.cpp
Examining data/kimap-20.08.2/autotests/setmetadatajobtest.cpp
Examining data/kimap-20.08.2/autotests/subscribejobtest.cpp
Examining data/kimap-20.08.2/autotests/listjobtest.cpp
Examining data/kimap-20.08.2/autotests/movejobtest.cpp
Examining data/kimap-20.08.2/autotests/capabilitiesjobtest.cpp
Examining data/kimap-20.08.2/autotests/imapsettest.cpp
Examining data/kimap-20.08.2/autotests/idjobtest.cpp
Examining data/kimap-20.08.2/autotests/idlejobtest.cpp
Examining data/kimap-20.08.2/autotests/fetchjobtest.cpp
Examining data/kimap-20.08.2/autotests/getmetadatajobtest.cpp
Examining data/kimap-20.08.2/autotests/renamejobtest.cpp
Examining data/kimap-20.08.2/autotests/testsession.cpp
Examining data/kimap-20.08.2/autotests/unsubscribejobtest.cpp
Examining data/kimap-20.08.2/autotests/selectjobtest.cpp
Examining data/kimap-20.08.2/autotests/quotarootjobtest.cpp
Examining data/kimap-20.08.2/autotests/statusjobtest.cpp
Examining data/kimap-20.08.2/autotests/searchjobtest.cpp
Examining data/kimap-20.08.2/autotests/loginjobtest.cpp
Examining data/kimap-20.08.2/autotests/expungejobtest.cpp
Examining data/kimap-20.08.2/autotests/createjobtest.cpp
Examining data/kimap-20.08.2/autotests/fakeservertest.cpp
Examining data/kimap-20.08.2/autotests/logoutjobtest.cpp
Examining data/kimap-20.08.2/autotests/kimaptest/mockjob.cpp
Examining data/kimap-20.08.2/autotests/kimaptest/mockjob.h
Examining data/kimap-20.08.2/autotests/kimaptest/fakeserver.h
Examining data/kimap-20.08.2/autotests/kimaptest/fakeserver.cpp
Examining data/kimap-20.08.2/autotests/kimaptest/sslserver.cpp
Examining data/kimap-20.08.2/autotests/kimaptest/sslserver.h
Examining data/kimap-20.08.2/tests/testimapserver.cpp
Examining data/kimap-20.08.2/tests/testimapidle.cpp
Examining data/kimap-20.08.2/src/copyjob.cpp
Examining data/kimap-20.08.2/src/storejob.h
Examining data/kimap-20.08.2/src/setacljob.h
Examining data/kimap-20.08.2/src/sessionlogger.cpp
Examining data/kimap-20.08.2/src/setacljob.cpp
Examining data/kimap-20.08.2/src/myrightsjob.h
Examining data/kimap-20.08.2/src/expungejob.cpp
Examining data/kimap-20.08.2/src/deletejob.cpp
Examining data/kimap-20.08.2/src/response_p.h
Examining data/kimap-20.08.2/src/sessionuiproxy.cpp
Examining data/kimap-20.08.2/src/setmetadatajob.cpp
Examining data/kimap-20.08.2/src/deleteacljob.cpp
Examining data/kimap-20.08.2/src/expungejob.h
Examining data/kimap-20.08.2/src/deletejob.h
Examining data/kimap-20.08.2/src/statusjob.cpp
Examining data/kimap-20.08.2/src/listjob.h
Examining data/kimap-20.08.2/src/sessionlogger_p.h
Examining data/kimap-20.08.2/src/acljobbase.cpp
Examining data/kimap-20.08.2/src/rfccodecs.cpp
Examining data/kimap-20.08.2/src/setquotajob.h
Examining data/kimap-20.08.2/src/quotajobbase.h
Examining data/kimap-20.08.2/src/sessionuiproxy.h
Examining data/kimap-20.08.2/src/common.h
Examining data/kimap-20.08.2/src/closejob.cpp
Examining data/kimap-20.08.2/src/listjob.cpp
Examining data/kimap-20.08.2/src/logoutjob.cpp
Examining data/kimap-20.08.2/src/getquotajob.h
Examining data/kimap-20.08.2/src/appendjob.cpp
Examining data/kimap-20.08.2/src/searchjob.cpp
Examining data/kimap-20.08.2/src/deleteacljob.h
Examining data/kimap-20.08.2/src/namespacejob.h
Examining data/kimap-20.08.2/src/job.cpp
Examining data/kimap-20.08.2/src/subscribejob.h
Examining data/kimap-20.08.2/src/metadatajobbase.h
Examining data/kimap-20.08.2/src/capabilitiesjob.cpp
Examining data/kimap-20.08.2/src/loginjob.cpp
Examining data/kimap-20.08.2/src/copyjob.h
Examining data/kimap-20.08.2/src/metadatajobbase.cpp
Examining data/kimap-20.08.2/src/fetchjob.cpp
Examining data/kimap-20.08.2/src/session_p.h
Examining data/kimap-20.08.2/src/sessionthread_p.h
Examining data/kimap-20.08.2/src/movejob.h
Examining data/kimap-20.08.2/src/selectjob.h
Examining data/kimap-20.08.2/src/closejob.h
Examining data/kimap-20.08.2/src/listrightsjob.h
Examining data/kimap-20.08.2/src/getacljob.h
Examining data/kimap-20.08.2/src/imapset.cpp
Examining data/kimap-20.08.2/src/listrightsjob.cpp
Examining data/kimap-20.08.2/src/subscribejob.cpp
Examining data/kimap-20.08.2/src/idlejob.cpp
Examining data/kimap-20.08.2/src/getquotarootjob.h
Examining data/kimap-20.08.2/src/selectjob.cpp
Examining data/kimap-20.08.2/src/appendjob.h
Examining data/kimap-20.08.2/src/imapstreamparser.cpp
Examining data/kimap-20.08.2/src/acl.cpp
Examining data/kimap-20.08.2/src/imapset.h
Examining data/kimap-20.08.2/src/loginjob.h
Examining data/kimap-20.08.2/src/fetchjob.h
Examining data/kimap-20.08.2/src/idjob.h
Examining data/kimap-20.08.2/src/movejob.cpp
Examining data/kimap-20.08.2/src/getmetadatajob.h
Examining data/kimap-20.08.2/src/logoutjob.h
Examining data/kimap-20.08.2/src/job_p.h
Examining data/kimap-20.08.2/src/createjob.h
Examining data/kimap-20.08.2/src/rfccodecs.h
Examining data/kimap-20.08.2/src/getquotarootjob.cpp
Examining data/kimap-20.08.2/src/setquotajob.cpp
Examining data/kimap-20.08.2/src/renamejob.h
Examining data/kimap-20.08.2/src/acljobbase_p.h
Examining data/kimap-20.08.2/src/renamejob.cpp
Examining data/kimap-20.08.2/src/imapstreamparser.h
Examining data/kimap-20.08.2/src/namespacejob.cpp
Examining data/kimap-20.08.2/src/unsubscribejob.h
Examining data/kimap-20.08.2/src/session.h
Examining data/kimap-20.08.2/src/sessionthread.cpp
Examining data/kimap-20.08.2/src/getacljob.cpp
Examining data/kimap-20.08.2/src/capabilitiesjob.h
Examining data/kimap-20.08.2/src/myrightsjob.cpp
Examining data/kimap-20.08.2/src/metadatajobbase_p.h
Examining data/kimap-20.08.2/src/acljobbase.h
Examining data/kimap-20.08.2/src/idlejob.h
Examining data/kimap-20.08.2/src/unsubscribejob.cpp
Examining data/kimap-20.08.2/src/quotajobbase.cpp
Examining data/kimap-20.08.2/src/getmetadatajob.cpp
Examining data/kimap-20.08.2/src/storejob.cpp
Examining data/kimap-20.08.2/src/getquotajob.cpp
Examining data/kimap-20.08.2/src/idjob.cpp
Examining data/kimap-20.08.2/src/quotajobbase_p.h
Examining data/kimap-20.08.2/src/setmetadatajob.h
Examining data/kimap-20.08.2/src/createjob.cpp
Examining data/kimap-20.08.2/src/acl.h
Examining data/kimap-20.08.2/src/session.cpp
Examining data/kimap-20.08.2/src/searchjob.h
Examining data/kimap-20.08.2/src/job.h
Examining data/kimap-20.08.2/src/statusjob.h

FINAL RESULTS:

data/kimap-20.08.2/src/rfccodecs.cpp:556:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(latin_us, str.toLatin1().constData());
data/kimap-20.08.2/autotests/kimaptest/fakeserver.cpp:145:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file.open(QFile::ReadOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:58:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        socket.open(QBuffer::WriteOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:62:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        readSocket.open(QBuffer::ReadOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:90:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        socket.open(QBuffer::WriteOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:95:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        readSocket.open(QBuffer::ReadOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:131:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        socket.open(QBuffer::WriteOnly);
data/kimap-20.08.2/autotests/streamparsertest.cpp:135:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        readSocket.open(QBuffer::ReadOnly);
data/kimap-20.08.2/src/rfccodecs.cpp:43:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char especials[17] = "()<>@,;:\"/[]?.= ";
data/kimap-20.08.2/src/rfccodecs.cpp:60:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char base64[256], utf8[6];
data/kimap-20.08.2/src/sessionlogger.cpp:26:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!m_file.open(QFile::WriteOnly)) {
data/kimap-20.08.2/src/loginjob.cpp:108:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                interact->len = strlen((const char *) interact->result);
data/kimap-20.08.2/src/loginjob.cpp:115:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            interact->len = strlen((const char *) interact->result);
data/kimap-20.08.2/src/loginjob.cpp:120:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            interact->len = strlen((const char *) interact->result);

ANALYSIS SUMMARY:

Hits = 14
Lines analyzed = 18633 in approximately 0.50 seconds (37585 lines/second)
Physical Source Lines of Code (SLOC) = 12343
Hits@level = [0]   2 [1]   3 [2]  10 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  16 [1+]  14 [2+]  11 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 1.29628 [1+] 1.13425 [2+] 0.891193 [3+] 0.0810176 [4+] 0.0810176 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.